Welcome to Splunk Answers, a Q&A forum for users to find answers to questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come here to find solutions to their issues, and to help other users in the Splunk community with their own questions.

This quick tutorial will help you get started with key features to help you find the answers you need. You will receive 10 karma points upon successful completion!

You can use wildcards to specify your input path for monitored input. Use "..." for recursive directory matching and "" for wildcard matching in a single directory segment. "..." recurses through directories. This means that /foo/.../bar will match foo/bar, foo/1/bar, foo/1/2/bar, etc.

You can use multiple "..." specifications in a single input path. For example: /foo/.../bar/...

The asterisk () matches anything in a single path segment; unlike "...", it does not recurse. For example, /foo//bar matches the files /foo/bar, /foo/1/bar, /foo/2/bar, etc. However, it does not match /foo/1/2/bar . A second example: /foo/m*r/bar matches /foo/bar, /foo/mr/bar, /foo/mir/bar, /foo/moor/bar, etc.

You can combine "" and "..." as required: foo/.../bar/ matches any file in the bar directory within the specified path.